We are seeking a highly skilled Vendor Security Assessment Engineer to evaluate and strengthen the security posture of third‑party vendors, partners, and suppliers. The role focuses on assessing vendor compliance with our security policies, industry standards, and regulatory requirements.
Key Responsibilities:
* Conduct security assessments of third‑party vendors and identify associated risks.
* Recommend mitigation measures for identified vulnerabilities.
* Evaluate vendor compliance with security frameworks (ISO 27001, NIST, SOC 2, GDPR, and others).
* Review penetration testing reports, cloud configuration assessments, and related findings.
* Perform security due diligence for vendor onboarding and ongoing relationships.
* Collaborate with procurement, legal, and IT security teams to ensure adherence to security requirements.
* Develop and maintain security assessment questionnaires and methodologies.
* Monitor vendor security incidents and coordinate remediation efforts.
* Provide recommendations for vendor risk remediation and track progress.
* Maintain documentation of assessment results and deliver regular reports to management.
* Stay updated on emerging security threats and industry best practices.
Required Qualifications:
* Demonstrated experience in third‑party risk management.
* Bachelor’s degree in Computer Science, Information Security, or a related field.
* Minimum of 3 years of experience in security risk assessment, vendor risk management, or cybersecurity.
* Strong understanding of security frameworks and regulatory compliance.
* Ability to analyze vendor security policies, architecture, and controls.
* Excellent communication and interpersonal skills.
* Relevant certifications (e.g., CISSP, CISA, CISM, CRISC) are a plus.
Preferred Qualifications:
* Experience in cloud security environments (AWS, Azure, GCP).
* Familiarity with third‑party risk management tools and platforms.
* Knowledge of data privacy laws and secure data‑handling practices.
* Experience reviewing contracts from a security and compliance perspective.